[research] forged "look-alike" certificates obtained from cooperative certificate authorities

13. April 2010, 09:40:39

dantesoft

No, really

Posts: 1268

http://www.crypto.com/blog/spycerts/

A paper published today [24 March 2010] by Chris Soghoian and Sid Stamm suggests that the threat may be far more practical than previously thought. They found turnkey surveillance products, marketed and sold to law enforcement and intelligence agencies in the US and foreign countries, designed to collect encrypted SSL traffic based on forged "look-alike" certificates obtained from cooperative certificate authorities. The products (apparently available only to government agencies) appear sophisticated, mature, and mass-produced, suggesting that "certified man-in-the-middle" web surveillance is at least commonplace and widespread enough to support an active vendor community.

Although current browsers don't ordinarily detect unusual or suspiciously changed certificates, there's no fundamental reason they couldn't (and the Soghoian/Stamm paper proposes a Firefox plugin to do just that).
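The "suspiciously changed certificate" check the post says browsers could perform, as an added Python example that is not code from the forum post, the crypto.com article, or the Soghoian/Stamm paper: a trust-on-first-use store that remembers which CA issued each site's certificate and grades any later change, with a CA from a different country treated as the strongest signal. Field names and the sample certificate records are constructed for the example.

```python
# Added example (not from the post or the cited paper): trust-on-first-use
# tracking of the issuing CA per host, flagging suspicious certificate changes.
# Record fields and sample values are constructed; no network access is needed.
from dataclasses import dataclass


@dataclass(frozen=True)
class SeenCert:
    fingerprint: str      # SHA-256 of the DER certificate, hex (constructed)
    issuer: str           # issuer common name
    issuer_country: str   # issuer C= attribute


def classify_change(store: dict, host: str, cert: SeenCert) -> str:
    """Compare a newly presented certificate with the last one seen for host.

    Returns "first-seen", "unchanged", "renewed", "issuer-changed" or
    "issuer-country-changed". The baseline is updated only for benign
    outcomes, so a suspicious certificate never silently becomes the new norm.
    """
    prev = store.get(host)
    if prev is None:
        store[host] = cert
        return "first-seen"
    if cert.fingerprint == prev.fingerprint:
        return "unchanged"
    if cert.issuer_country != prev.issuer_country:
        return "issuer-country-changed"   # CA in another jurisdiction: prompt the user
    if cert.issuer != prev.issuer:
        return "issuer-changed"           # plausible CA switch, still worth a prompt
    store[host] = cert                    # same CA re-issued: routine renewal
    return "renewed"


# Constructed observations for one host, in the order they are presented.
STORE: dict = {}
FIRST = SeenCert("aa" * 32, "Example CA", "US")
RENEWED = SeenCert("bb" * 32, "Example CA", "US")
OTHER_CA = SeenCert("cc" * 32, "Other CA", "US")
ELSEWHERE = SeenCert("dd" * 32, "Elsewhere CA", "XX")


def demo() -> list:
    """Run the sample sequence through the check and return each verdict."""
    return [classify_change(STORE, "bank.example", c)
            for c in (FIRST, FIRST, RENEWED, OTHER_CA, ELSEWHERE)]


if __name__ == "__main__":
    print(demo())
```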
